LOCAL out of the box user accounts
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-22-2020 03:32 AM
Hi All,
What is best practice for managing user accounts are used by the system ? At minimum, I need to change the password every 90 days per our company's policy.
soap.guest
bm.scheduler
instance.sec.user
ml_report.user
sharedservice.worker
ml.admin
virtual.agent
Please suggest me on this
Regards,
Nagesh
- Labels:
-
Cost Management (ITSM)

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-22-2020 04:21 AM
There isn't an OOB function for this. You'd likely need to:
- Add a custom field to the sys_user table that identifies the password last set date
- Modify the installation exit to trigger an event that then triggers a script action to modify this custom field for 90 days in future
- Scheduled job run daily to check custom field where date is today and set the 'password needs resetting' to true.
If these are only web service accounts, have you looked into moving away from basic auth and to oAuth?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-22-2020 07:59 AM
Hi Kieran,
Thanks for reply
could you please explain more about the point 2 and 3 , appreciated if you can provide any script related to this

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-22-2020 01:23 PM
Create a custom date field on sys_user table.
Add a BR to the sys_user table with a condition of 'Password needs resetting CHANGESTO False'
(function executeRule(current, previous /*null when async*/) {
// Add your code here
var date = new GlideDate();
date.addDaysLocalTime(90);
current.u_password_change = date;
gs.eventQueue('user.password.changed',current,date);
})(current, previous);
Then use a scheduled job or flow to find all records where u_password_change is today and set "password needs reset" to true.
var userGR = new GlideRecord('sys_user');
userGR.addEncodedQuery('u_password_changeONToday@javascript:gs.beginningOfToday()@javascript:gs.endOfToday()');
userGR.query();
while(userGR.next()){
userGR.setValue('password_needs_reset','true');
userGR.update();
}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-22-2020 01:56 PM
Hi Nagesh
Please consider implementing a password reset process where you will be able to specify required strength for passwords, lockout for failed logins, password auto-generation etc. and follow on password reset execution by checking password change log.
Thank you